2. The Very Basics
The next step is to get basic connectivity working, so that each new namespace can at least connect to the ones next to it.
Ensuring the Interface is Up
First, we need to make sure our interface is actually up. The nshost-conn command should do this, but we should be certain. If we configured interfaces without nshost-conn, they are added in the DOWN state by default, meaning they are off. You can see this by running ip addr: the interface will say state DOWN. (Note: ignore the value after the @; the interface name is everything before the @.)
(c) root@nettux:/home/nettux# ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: c-l-0@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 82:13:8b:48:55:16 brd ff:ff:ff:ff:ff:ff link-netns l
To bring an interface up, use the following command (since the shells for the namespaces are root, I'm not including sudo):
ip link set <INTERFACE> up
If you check with ip addr, you'll see the output has changed:
(c) root@nettux:/home/nettux# ip addr
...
12: c-l-0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 82:13:8b:48:55:16 brd ff:ff:ff:ff:ff:ff link-netns l
inet6 fe80::8013:8bff:fe48:5516/64 scope link tentative
valid_lft forever preferred_lft forever
Check that all interfaces (l-c-0, r-c-0, c-r-0, c-l-0) are in the UP state, then move on to the next section.
Note
Most Linux distributions will bring up their physical interfaces by default. However, if new interfaces are added (new NIC, for example), they may not.
Setting IP Addresses
We want to set up the network with these ranges:
    192.168.70.0/24         172.17.40.0/24
l <-----------------> c <-----------------> r
  .2               .1   .1               .2
To set an IP address on an interface (since the shells for the namespaces are root, I'm not including sudo):
ip addr add <IP>/<PREFIX> dev <INTERFACE>
For l, the interface is l0 (verify with ip addr in the l namespace), and the IP and prefix we want are 192.168.70.2 and 24. The command to set the IP is then:
ip addr add 192.168.70.2/24 dev l0
Before you move on, make sure the following IPs are configured on the interfaces in each namespace:
| Namespace | Interface | Address | Prefix |
|---|---|---|---|
| l | l-c-0 | 192.168.70.2 | 24 |
| c | c-l-0 | 192.168.70.1 | 24 |
| c | c-r-0 | 172.17.40.1 | 24 |
| r | r-c-0 | 172.17.40.2 | 24 |
Verifying Connectivity
We can verify we can connect to our neighbor namespaces by pinging them with the ping command. So on l we can verify we can connect to c by pinging the IP on the interface connected to l (use ctrl-c to stop ping, otherwise it will go forever):
Note
If you have set the IP addresses but can't ping, make sure you set the right addresses on the right interfaces and set the right network prefix.
(l) root@nettux:/home/nettux# ping 192.168.70.1
PING 192.168.70.1 (192.168.70.1) 56(84) bytes of data.
64 bytes from 192.168.70.1: icmp_seq=1 ttl=64 time=0.114 ms
64 bytes from 192.168.70.1: icmp_seq=2 ttl=64 time=0.067 ms
On c we can ping both the addresses on l and r:
(c) root@nettux:/home/nettux# ping 192.168.70.2
PING 192.168.70.2 (192.168.70.2) 56(84) bytes of data.
64 bytes from 192.168.70.2: icmp_seq=1 ttl=64 time=0.084 ms
64 bytes from 192.168.70.2: icmp_seq=2 ttl=64 time=0.068 ms
^C
--- 192.168.70.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1045ms
rtt min/avg/max/mdev = 0.068/0.076/0.084/0.008 ms
(c) root@nettux:/home/nettux# ping 172.17.40.2
PING 172.17.40.2 (172.17.40.2) 56(84) bytes of data.
64 bytes from 172.17.40.2: icmp_seq=1 ttl=64 time=0.186 ms
64 bytes from 172.17.40.2: icmp_seq=2 ttl=64 time=0.068 ms
64 bytes from 172.17.40.2: icmp_seq=3 ttl=64 time=0.106 ms
^C
--- 172.17.40.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2039ms
rtt min/avg/max/mdev = 0.068/0.120/0.186/0.049 ms
And r can ping c:
(r) root@nettux:/home/nettux# ping 172.17.40.1
PING 172.17.40.1 (172.17.40.1) 56(84) bytes of data.
64 bytes from 172.17.40.1: icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from 172.17.40.1: icmp_seq=2 ttl=64 time=0.068 ms
However, l cannot ping r:
(l) root@nettux:/home/nettux# ping 172.17.40.2
ping: connect: Network is unreachable
Remember our question: "how do I get there?" l can ping c because they are directly connected. When we ping 192.168.70.1, l knows it is connected to that network, so it can get there ("route" it there). A computer knows how to route to networks directly connected to it. Past those direct connections, though, it doesn't know how to get there. Thus, when we try to ping r, it gives up since it doesn't know what to do with the packet. We need to tell it where to route packets bound for networks outside its directly connected one. That's the goal of part 3!
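The routing decision described above, modelled as an added example (not part of the original tutorial): each namespace gets one connected route per address/prefix in the table, and a destination outside all of them is "Network is unreachable". The function names are illustrative, and the model covers only the sender's route lookup, ignoring lo, IPv6 link-local addresses and the reply path.

```python
import ipaddress

# Address plan from the tutorial's table: namespace -> {interface: "address/prefix"}.
PLAN = {
    "l": {"l-c-0": "192.168.70.2/24"},
    "c": {"c-l-0": "192.168.70.1/24", "c-r-0": "172.17.40.1/24"},
    "r": {"r-c-0": "172.17.40.2/24"},
}


def connected_routes(interfaces):
    """Routes a namespace gets from its addresses alone: (network, interface) pairs."""
    return [(ipaddress.ip_interface(cidr).network, dev)
            for dev, cidr in interfaces.items()]


def lookup(interfaces, destination):
    """Return the egress interface for destination, or None.

    None corresponds to ping's "Network is unreachable": no connected
    network contains the destination and no other routes exist yet.
    """
    dst = ipaddress.ip_address(destination)
    matches = [(net, dev) for net, dev in connected_routes(interfaces) if dst in net]
    if not matches:
        return None
    # Longest prefix wins when several networks contain the destination.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def ping_matrix(plan):
    """Map (source namespace, target address) -> egress interface or None."""
    result = {}
    for src, ifaces in plan.items():
        for dst_ns, dst_ifaces in plan.items():
            if dst_ns == src:
                continue
            for cidr in dst_ifaces.values():
                addr = str(ipaddress.ip_interface(cidr).ip)
                result[(src, addr)] = lookup(ifaces, addr)
    return result


if __name__ == "__main__":
    for (src, addr), dev in sorted(ping_matrix(PLAN).items()):
        print(f"{src} -> {addr}: {'via ' + dev if dev else 'Network is unreachable'}")
    # Constructed misconfiguration: /32 instead of /24 on l leaves no route to c.
    print("l with /32 ->", lookup({"l-c-0": "192.168.70.2/32"}, "192.168.70.1"))
```

The last line shows why the prefix matters: with a constructed /32 on l, even the directly attached neighbor 192.168.70.1 falls outside every connected network.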